1. A method for brokering state information exchanged between computers using at
least one protocol above a transport layer, the method comprising the steps of:

receiving at a proxy a request from a client requesting a resource of an origin server;
redirecting the client request from the proxy to a policy module;
obtaining at the proxy policy enforcement data provided by the policy module;
generating at the proxy a policy state token in response to the policy enforcement data; and
transmitting the policy state token from the proxy to the client.



2. The method of claim 1, further comprising the step of receiving at the proxy a 
renewed request for the origin server resource, the renewed request containing the policy state 
token. 



3. The method of claim 2, wherein the renewed request contains the policy state token
in a cookie in a header sent from the client to the proxy.



4. The method of claim 2, further comprising the step of forwarding to the origin
server a portion of the renewed request, the forwarded portion omitting the policy state token.



5. The method of claim 4, further comprising the step of receiving at the proxy a reply
from the origin server, the reply containing an origin state token for use by the proxy in its
subsequent communications with the origin server.






6. The method of claim 4, further comprising the steps at the proxy of forwarding to
the client at least a portion of a communication from the origin server, and forwarding to the origin
server at least a portion of a communication from the client.

7. The method of claim 1, wherein HTTP is a protocol used during at least one of the
receiving and transmitting steps.



8. The method of claim 1, wherein HTTPS is a protocol used during at least one of the
receiving and transmitting steps.



9. The method of claim 1, wherein the method further comprises utilizing Novell
Directory Services software to provide authentication information about the client, and the policy
enforcement data obtained by the proxy depends on the authentication information thus provided.



10. The method of claim 1, wherein the method further comprises utilizing Lightweight
Directory Access Protocol software to provide authentication information about the client, and the
policy enforcement data obtained by the proxy depends on the authentication information thus
provided.



11. The method of claim 1, wherein the method further comprises utilizing Secure
Sockets Layer software to provide authentication information about the client, and the policy
enforcement data obtained by the proxy depends on the authentication information thus provided.

12. The method of claim 1, wherein the obtaining step extracts policy enforcement data
from a redirection address field.



13. The method of claim 1, wherein the transmitting step transmits the policy state token
in a cookie in a header sent from the proxy to the client.
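
An added sketch, not part of the patent text, of the proxy decision described in claims 1-4, 12 and 13: redirect to the policy module, accept enforcement data from the redirection address, issue the token as a cookie, and strip it before forwarding. The HMAC token format, both keys, the cookie name policy_state, the policy and return query parameters and the policy.example address are assumptions; the claims specify none of them.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode, urlsplit

# Everything named here is an assumption for illustration, not from the claims.
POLICY_KEY = b"constructed-policy-key"   # shared by policy module and proxy
PROXY_KEY = b"constructed-proxy-key"     # known only to the proxy
TOKEN_COOKIE = "policy_state"            # hypothetical cookie name
POLICY_URL = "https://policy.example/authorize"  # hypothetical policy module

def sign(key: bytes, data: str) -> str:
    """Return data with an HMAC-SHA256 tag appended (assumed token format)."""
    return data + "." + hmac.new(key, data.encode(), hashlib.sha256).hexdigest()

def verify(key: bytes, token: str):
    """Return the enforcement data if the tag checks out and it grants access."""
    data, _, tag = token.rpartition(".")
    good = hmac.new(key, data.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(tag.encode(), good.encode())
    return data if ok and data.startswith("grant") else None

def handle(url: str, headers: dict) -> dict:
    """One proxy decision: redirect, issue the token, forward, or deny."""
    parts = urlsplit(url)
    cookies = SimpleCookie(headers.get("Cookie", ""))
    if TOKEN_COOKIE in cookies:
        # Renewed request (claims 2-3): validate the token, then strip it so
        # the origin server never receives it (claim 4).
        if verify(PROXY_KEY, cookies[TOKEN_COOKIE].value) is None:
            return {"action": "deny", "status": 403}
        kept = "; ".join(f"{k}={m.value}" for k, m in cookies.items()
                         if k != TOKEN_COOKIE)
        fwd = {k: v for k, v in headers.items() if k != "Cookie"}
        if kept:
            fwd["Cookie"] = kept
        return {"action": "forward", "url": url, "headers": fwd}
    policy = parse_qs(parts.query).get("policy")
    if policy:
        # Enforcement data arrives in the redirection address (claim 12). It is
        # client-controlled, so it is authenticated before a token is issued.
        data = verify(POLICY_KEY, policy[0])
        if data is None:
            return {"action": "deny", "status": 403}
        cookie = f"{TOKEN_COOKIE}={sign(PROXY_KEY, data)}; HttpOnly"
        return {"action": "redirect", "set_cookie": cookie,
                "location": parts._replace(query="").geturl()}
    # First request without a token: redirect to the policy module (claim 1).
    return {"action": "redirect",
            "location": POLICY_URL + "?" + urlencode({"return": url})}
```

The origin-bound request keeps the client's other cookies, and enforcement data whose tag does not verify is denied rather than converted into a token.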



14. A transparent proxy server comprising:

a memory configured at least in part by a transparent proxy process;
a processor for running the transparent proxy process;
at least one link for networked communication between the transparent proxy
process, on the one hand, and a client computer and an origin server, on the other hand; and

a policy module identifier which identifies a policy module that grants or denies
authorization of proxy services.

15. The transparent proxy server of claim 14, in combination with the policy module.

16. The transparent proxy server of claim 15, wherein the policy module and the
transparent proxy process are running on the same computer.



17. The transparent proxy server of claim 14, in combination with the client computer
and at least one other client computer, each client computer linked for networked communication
with the transparent proxy process.

18. The transparent proxy server of claim 14, wherein the transparent proxy server
provides authorized proxy service transparently to both a client computer and an origin server by
steps which comprise receiving a request from the client for a resource of the origin server, sending
the client an authorization by the policy module for the client to use a transparent proxy service,
accepting the authorization from the client with a renewed client request for the origin server
resource, forwarding the renewed client request to the origin server without forwarding the
authorization but with an indication to the origin server that the transparent proxy server is the
source of the forwarded request, and then transparently forwarding the requested resource from the
origin server to the client.

19. The transparent proxy server of claim 18, wherein the transparent proxy server
sends the client the authorization by sending the client a proxy cookie for use in subsequent
communications from the client.



20. The transparent proxy server of claim 14, in combination with at least one additional
transparent proxy server which also has a memory configured at least in part by a transparent proxy
process, a processor for running the transparent proxy process, a link, and a policy module
identifier.



21. The combined transparent proxy servers of claim 20, wherein one transparent proxy
server forwards client requests to the other transparent proxy server.

22. The combined transparent proxy servers of claim 20, wherein one transparent proxy
server takes over the handling of client requests in place of the other transparent proxy server.



23. A pair of state information brokering signals embodied in a distributed computer
system, the system containing a client, a transparent proxy server having a transparent proxy server
address, and a policy module having a policy module address, the pair of signals comprising:

a first signal including a redirection command which specifies the policy module
address as a redirection target; and

a second signal including a redirection command which specifies the transparent
proxy server address as a redirection target and also including policy enforcement data
which grants or denies authorization for the client to use a service of the transparent proxy
server.

24. The signal pair of claim 33, wherein the first signal includes an identity broker
address as the policy module address.



25. The signal pair of claim 23, wherein the first signal includes a login server address 
as the policy module address. 



26. The signal pair of claim 23, wherein the second signal includes the policy
enforcement data embedded in an address field with the transparent proxy server address.



27. A computer storage medium having a configuration that represents data and
instructions which will cause performance of method steps for transparent proxy services, the
method comprising the steps of:

receiving at a transparent proxy a request from a client requesting a resource of an
origin server;

redirecting the client request from the transparent proxy to a policy module; and
obtaining at the transparent proxy policy enforcement data provided by the policy
module, the policy enforcement data granting or denying authorization for the client to
access the resource through the transparent proxy.



28. The configured storage medium of claim 27, wherein the policy enforcement data
grants authorization for the client to access the resource through the transparent proxy, and the
method further comprises the steps of generating at the transparent proxy a proxy cookie containing
at least a portion of the policy enforcement data, and transmitting the proxy cookie from the
transparent proxy to the client.



29. The configured storage medium of claim 28, wherein the method further comprises
the steps of accepting the proxy cookie at the transparent proxy with a renewed client request for
the origin server resource, and forwarding the renewed client request to the origin server without
the proxy cookie.



30. The configured storage medium of claim 29, wherein the method further comprises
the step of transparently forwarding the requested resource from the origin server to the client.

31. The configured storage medium of claim 27, wherein the transparent proxy is a first
transparent proxy, the policy enforcement data includes first policy enforcement data which grants
authorization for the client to access the resource through the first transparent proxy, and the
method further comprises the steps of:

generating at the first transparent proxy a proxy cookie in response to the first policy
enforcement data;

transmitting the proxy cookie from the first transparent proxy to the client;
receiving the first proxy cookie from the client at a second transparent proxy with a
renewed client request for the origin server resource, after the first transparent proxy
becomes unavailable to the client;

redirecting the renewed client request from the second transparent proxy to a policy
module; and

accepting, at the second transparent proxy, second policy enforcement data provided
by the policy module, the second policy enforcement data including authorization from the
policy module for the client to access the resource through the second transparent proxy.


